Analysis

  • max time kernel
    129s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-07-2021 08:46

General

  • Target

    https://bibendumstore.blob.core.windows.net

  • Sample

    210722-9jxm2mtqee

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bibendumstore.blob.core.windows.net
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:636 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4060

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 4e64ee3a1f4c34f528e8de9b728dbca6
    SHA1: 9b27bb889cc2fe2fbb89c0c7c8aa16a841291499
    SHA256: ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b
    SHA512: e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 0726c823aa5768be18aaa1c8ebac1b75
    SHA1: 01d538a69d6cbb2ac8b2990c10a4ece4f4036aa2
    SHA256: e1ef88a6c1e4fe1ebc1574b37de4d5e58d97b878d03a90feb0236e1b0285a0eb
    SHA512: f25d7d1b6ca062c12ebea20ff932953b406eeb9d15dfb35e655c42fe5f9e5339eef487b426818d7f8667e13ce5d22e40a32fbfccdaa6e79b2bc962d362cab972

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7LZMG29W.cookie
    MD5: 37a38ff8478e98a7e1d57a578b2ddb52
    SHA1: 24988a44b8d14055e717f9f1d88e68b81a8471f3
    SHA256: 4ae4e82a7756d924fa1acb73efeea74305611277246b9f18589b23ed077b0dbd
    SHA512: a1be184eff4f223cc57b051489944cc3f8f69de20da9ca80604b3f81f2f5f27749997f0c9b5fa280dc91bf3ec40e850a44fe4469609d4d099f18d8e4e77c9236

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\R2IZIYZR.cookie
    MD5: 150c167989d3f32691099853dbd52fef
    SHA1: 506de3d1ab5bfc027925b59b4f3aaa29aea67af6
    SHA256: 27d97edc1b81e07c9ce1bd19895d2a4b27596d95e7779758c7e9f9831707eddc
    SHA512: d5a8cf1f0cc1ed9059892cd9425b533bf076cff882ea98cecb8df974212f2b3afa2372f24c027deab4c6977819e5328f30c16214f3a29c8f531ba74f31588236

  • memory/636-114-0x00007FF8E45F0000-0x00007FF8E465B000-memory.dmp
    Filesize: 428KB

  • memory/4060-115-0x0000000000000000-mapping.dmp